Case Study: a large financial services management company strengthens security and recovers from a state-sponsored cyberattack with Palo Alto Networks Unit 42 Incident Response

Large Financial Services Management Company recovers hundreds of thousands of dollars with Palo Alto Networks

The customer, a large financial services management company, was the victim of a state-sponsored cyberattack by the North Korean Lazarus Group, which resulted in the theft of hundreds of thousands of dollars in cryptocurrency. Following the breach, the company needed immediate incident response services from Palo Alto Networks to identify the source and scope of the attack, secure its environment, and receive guidance on communicating the event to its board.

Palo Alto Networks' Unit 42 Incident Response team investigated and identified the attack chain, which began with a spear-phishing campaign. The team provided recommendations to lock down systems, including prohibiting personal devices on the corporate network and adopting EDR/XDR tools. These actions helped secure the environment, remove the threat actor, and position the company's security leadership to credibly address the board with a plan to prevent future attacks.